26338 total geeks with 3498 solutions

Recent challengers:

daggett reverser 8 - 01:22PM
UltraSuperboy level 6 - 01:12PM
UltraSuperboy level 5 - 12:45PM

Welcome, you are an anonymous user! [register] [login]

	GEEK
Challenge Bonus Levels Geek Reverser View Solutions Test Centre Hall of Brain Hall of Bonus Hall of Reverse Geek or Freak

User's box

Username:

Password:

Forgot password?
New account

Shoutbox

	MaxMouse It's Friday... That's good enough for me!
	CodeX non stop lolz here but thats soon to end thanks to uni, surely the rest of the world is going good?
	stabat how things are going guys? Here... boring...
	CodeX I must be going wrong on the password lengths then, as long as it was done on ECB
	MaxMouse lol... the key is in hex (MD5: of the string "doit" without the "'s) and is in lower case. Maybe i should have submitted this as a challenge!

Donate

Donate and help us fund new challenges

Due Date:	Jun 30
June Goal:	$40.00
Gross:	$0.00
Net Balance:	$0.00
Left to go:	$40.00

Contributors

News Feeds

The Register

	Offensive, iconoclastic internet trolls will NOT be prosecuted, says DPP
	Not even Comet slamming into Earth can keep Dixons out of the red
	So: Just how do you stop mobile users becoming leaky lusers?
	France gives Google three month DATA PRIVACY DEADLINE
	Tosh puts slim model on a single-plate diet to create new 7mm mutant
	Nokia Lumia 925: The best Windows Phone yet
	Brocade: People try to put us down, talkin" "bout my (Fibre Chan) generation
	Hey, wannabe Murdochs, yet more chances to run your own telly station
	Wake up, Uncle Fester! Huawei?s nattering about BUYING Nokia
	Home Office boffins slip out passport-scanning Android app

Slashdot

	Length of Applause Not Tied To Quality of Presentation
	Why Your Sysadmin Hates You
	21 Financial Sites Found To Store Sensitive Data In Browser Disk Cache
	US and Russia Set Up Cyber Cold War Hotline
	Amazon Vows To Fight Government Requests For Data
	2 Men Accused of Trying To Make X-Ray Weapon
	Monsanto Executive Wins World Food Prize
	Microsoft Launches $100k Bug Bounty Program
	The Plight of Star Wars Droids
	Java API and Microsoft"s .NET API: a Comparison

Article viewer

Encryption Techniques in PHP

Written by:	TroPe
Published by:	bb
Published on:	2004-11-07 17:19:02
Topic:	PHP

Search OSI about PHP.

More articles by TroPe.

viewed 48477 times

This article will explain how to use one-way encryption, symmetric encryption, and asymmetric encryption in PHP.

-----------------------------------------------
Intro to Encryption Techniques in PHP
-----------------------------------------------
Written by Giovanni Tropeano 11/2004
Prepared for OSIX

<<< Table of Contents >>>

...Preface
...One-Way Encryption
...Symmetric Encryption
...Asymmetric Encryption
...Summary

::: Preface :::
PHP uses cryptography to encrypt and decrypt text. Cryptography is a process that uses various mathematical formulas to encode and decode data. It uses algorithms to encrypt different modes of communication, such as text, messages, and signals. Plain text is the term used to refer to the message that is to be transmitted. Encrypted text is plain text in encrypted form.

PHP supports three types of encryption techniques: one-way, symmetric, and asymmetric. In all three techniques, PHP provides several methods to encrypt and decrypt data.

I decided to write this today (Sat Nov 6 2004) because I struggled (still am) with one of the challenges here (trying to do it in PHP). What better way to learn than to teach. I think some ancient chinese guy said that or something, didn't he?

Let's begin...

::: One-Way Encryption :::
In the one-way encryption technique, a string of text is only encoded, not decoded. The algorithms for one-way encryption are called hash algorithms. PHP uses the Message Digest (MD) hash algorithm, MD5, for one-way encryption. MD5 accepts a string as input and converts it to a unique 128-bit fingerprint of the message. MD5 is an irreversible process because it is not possible to decipher a message after it is converted into 128-bit fingerprint. Let's take a look at a diagram:

PHP implements the MD5 hash algorithm using the md5 function. Listing 1 shows how to use the md5 function:

Listing 1: Using the md5 Function

    <?php
    $msg = " Trope stinks at Geek Challenges ";
    $encrypted_text = md5 ($msg);
    echo("<b>Plain Text : </b>");
    echo($msg);
    echo("<p><b>Encrypted Text : </b>");
    echo($encrypted_text);
    ?>

In the above listing, a string argument, Trope stinks at Geek Challenges, is passed to the md5 function. The encrypted 128-bit fingerprint value is returned to the variable encrypted_text. Figure 2 shows the 128-bit fingerprint of the message:

PHP also uses cyclic redundancy checksum (CRC32), which is another hash algorithm, for one-way encryption. The CRC32 algorithm converts a plain text message into a 32-bit fingerprint. PHP provides a mhash library that consists of functions such as md5. The mhash library function is used for implementing the algorithms in the mhash library. The mhash library function accepts two arguments - the first is a hashing constant and the second is the string to be encrypted. Table 1-1 lists the hashing constants used for hash algorithms:

The following listing shows how to use the mhash library function in the CRC32 algorithm:

Listing 2: Implementing the mhash Library Function

    <?php
    echo("<h3> Implementing mhash </h3>");
    $plain_text = "Damn why won't PHP come naturally to me!";
    $encrypted_text = mhash(MHASH_CRC32, $plain_text);
    echo("<p><b> Encrypted text is : </b>");
    echo($encrypted_text);
    ?>

The above listing shows how a plain text is encrypted using the mhash function. In the listing, the variable $plain_text stores the string to be converted. The mhash function accepts the MHASH_CRC32 constant as the first argument and the $plain_text variable as the second argument and returns a 32-bit fingerprint of the message stored in the variable $encrypted_text.

::: Symmetric Encryption :::
Symmetric encryption uses a special code called a key. The hash algorithm uses the key on the plain text to generate the encrypted text and on the encrypted text to decrypt it into the original plain text. The sender and receiver of the encrypted message should know the value of the key to be able to send or receive messages. The drawback of the symmetric encryption technique is that if the key is available to anyone other than the sender or receiver of the message, the entire encryption process fails. To ensure the security of the message, it is essential to ensure the secrecy of the key. Figure 3 illustrates the process of symmetric encryption:

Figure 3: Symmetric Encryption

This figure illustrates the symmetric encryption technique. The plain text is converted to encrypted text using the encryption algorithm and the key value. The encrypted text is converted back to plain text using the decryption algorithm and key value.

PHP provides several algorithms for symmetric encryption in the mcrypt library. It also provides the mcrypt_ecb function to implement the algorithms of the mcrypt library.

Listing 3: Encrypting Data Using the mcrypt_ecb Function

    <?php
    echo("<h3> Symmetric Encryption </h3>");
    $key_value = "KEYVALUE";
    $plain_text = "PLAINTEXT";
    $encrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value, $plain_text, MCRYPT_ENCRYPT);
    echo ("<p><b> Text after encryption : </b>");
    echo ( $encrypted_text );
    $decrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value, $encrypted_text, MCRYPT_DECRYPT);
    echo ("<p><b> Text after decryption : </b>");
    echo ( $decrypted_text );
    ?>

This listing uses the mcrypt_ecb function to encrypt as well as decrypt text. The mcrypt_ecb function accepts four arguments. The first argument is the algorithm constant, the second is the key, and the third is the string to be encrypted. The fourth argument is MCRYPT_ENCRYPT when the message is encrypted and MCRYPT_DECRYPT when the message is decrypted.

Figure 4 shows the encrypted and decrypted texts using the key value in the symmetric encryption technique:

::: Asymmetric Encryption :::
Symmetric encryption uses a special code called a key. The hash algorithm uses the key on the plain text to generate the encrypted text and on the encrypted text to decrypt it into the original plain text. The sender and receiver of the encrypted message should know the value of the key to be able to send or receive messages. The drawback of the symmetric encryption technique is that if the key is available to anyone other than the sender or receiver of the message, the entire encryption process fails. To ensure the security of the message, it is essential to ensure the secrecy of the key. Figure 5 illustrates the process of symmetric encryption:

::: SUMMARY :::
You should now have a good high level understanding of how you can encrypt data using PHP. Of course it's beyond the scope of this article to go into detail on each encryption algorithm, but you can search and find tons of info on each.

Ciao!
TroPe

Ps. Nothing really "Top Secret" I suppose.

Did you like this article? There are hundreds more.

Comments:

Revelation
2004-11-08 02:41:41

A note: Calling MD5 or CRC32 checksums encryption may be a misnomer. I'm not sure (somebody feel free to tell me I'm wrong) but the proper term for what they do is _hashing_. As the name indicates they're most valuable for checksums, or checking the identical-ness of something.

For something to be encryption, I think it has to be decryptable, but I may be completely wrong.

aidan
2004-11-08 10:23:16

Another great article Tr0pe. I think Revelation is right but it was much better to include the section on hashing than to leave it out!

loureiro97
2004-12-03 18:29:24

A GREAT article indeed.
5/5

AcidIce
2004-12-12 15:37:19

very good, could include a bit more depth on asymmetric encryption though... otherwise great :)

Anonymous
2006-10-06 09:02:18

jkhylmak cqiblmhifi pqjk iftfbj

Anonymous
2007-02-08 00:30:12

Is the symmetric algorithm provides output in range of a-z and digits? Is it possible that cipher text can be enter using keyboard characters.

Anonymous
2007-04-17 02:10:09

Very usefull and interestng

Anonymous
2007-07-04 13:38:56

A fairly useless article, giving a terribly wrong picture of asymmetric encryption, which, in fact, is not currently implemented in the out-of-the-box distribution of PHP.

Anonymous
2007-12-11 05:33:44

From where do i get the mhash library? And where do i save it?

Anonymous
2007-12-11 05:34:18

From where do i get the mhash library? And where do i save it?

Can you plz reply me on immujeeb@hotmail.com

Anonymous
2008-02-08 09:32:31

really helpful

Anonymous
2008-02-19 10:36:45

when i use the symmetric decryption on firefox it appends "??" at the end of the string. any ideaa?

Anonymous
2009-11-11 15:29:56

mcrypt_ecb has been deprecated http://es2.php.net/manual/en/function.mcrypt-ecb.php

Anonymous
2010-02-03 11:54:57

interesting stuff... definitely worth a read...

Anonymous
2010-11-22 10:55:55

thank you for giving this article.it is very useful to me....

Anonymous
2010-12-12 02:00:47

Thanks. You didn't discuss Asymmetric Encryption, the stub above is a copy of the Symmetric.

Anonymous
2011-05-21 13:14:22

♂pqrs

Anonymously add a comment: (or register here)
(registration is really fast and we send you no spam)

BB Code is enabled.

Captcha Number:

Blogs: (People who have posted blogs on this subject..)

elasolova

My PHP Projects on Sat 26th Sep 10am
I have been developing PHP applications for almost a year now. I have developed three projects. One is a simple trivia game. The other is a question-answer based community at http://www.javaist.com/quans . The last one is a programming challenge site just

countll

Blog entry for Thu 25th Oct 7am on Thu 25th Oct 7am
soo nu on this wicked world of NET. just decided to dive in today..hope friend aroun here can help

Test Yourself: (why not try testing your skill on this subject? Clicking the link will start the test.)

Test of experience (hopefully) by AcidIce

Things you're only likely to know if you've actually written a lot of PHP before :)

Your Ad Here